diff --git a/README.md b/README.md
index 7ae568a..2ee1f7b 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
[](https://github.com/fastify/csrf-protection/actions/workflows/ci.yml)
[](https://www.npmjs.com/package/@fastify/csrf-protection)
-[](https://standardjs.com/)
+[](https://github.com/neostandard/neostandard)
This plugin helps developers protect their Fastify server against [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) attacks.
In order to fully protect against CSRF, developers should study [Cross-Site Request Forgery Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html)
diff --git a/eslint.config.js b/eslint.config.js
new file mode 100644
index 0000000..89fd678
--- /dev/null
+++ b/eslint.config.js
@@ -0,0 +1,6 @@
+'use strict'
+
+module.exports = require('neostandard')({
+ ignores: require('neostandard').resolveIgnoresFromGitignore(),
+ ts: true
+})
diff --git a/package.json b/package.json
index 2eb7e66..831499d 100644
--- a/package.json
+++ b/package.json
@@ -6,7 +6,8 @@
"type": "commonjs",
"types": "types/index.d.ts",
"scripts": {
- "lint": "standard",
+ "lint": "eslint",
+ "lint:fix": "eslint --fix",
"test": "npm run test:unit",
"test:unit": "tap",
"test:typescript": "tsd"
@@ -40,9 +41,9 @@
"@fastify/session": "^11.0.0",
"@types/node": "^22.0.0",
"fastify": "^5.0.0",
+ "neostandard": "^0.11.9",
"proxyquire": "^2.1.3",
"sinon": "^19.0.2",
- "standard": "^17.1.0",
"tap": "^18.7.2",
"tsd": "^0.31.0"
},
diff --git a/types/index.d.ts b/types/index.d.ts
index abbcd01..9bae228 100644
--- a/types/index.d.ts
+++ b/types/index.d.ts
@@ -1,8 +1,8 @@
///
-import { FastifyPluginAsync, FastifyRequest } from 'fastify';
-import { Options as CSRFOptions } from "@fastify/csrf";
-import { CookieSerializeOptions as FastifyCookieSerializeOptions } from "@fastify/cookie";
+import { FastifyPluginAsync, FastifyRequest } from 'fastify'
+import { Options as CSRFOptions } from '@fastify/csrf'
+import { CookieSerializeOptions as FastifyCookieSerializeOptions } from '@fastify/cookie'
declare module 'fastify' {
interface FastifyInstance {
@@ -20,12 +20,12 @@ declare module 'fastify' {
}
}
-type FastifyCsrfProtection = FastifyPluginAsync;
+type FastifyCsrfProtection = FastifyPluginAsync
declare namespace fastifyCsrfProtection {
export type CookieSerializeOptions = FastifyCookieSerializeOptions
- export type GetTokenFn = (req: FastifyRequest) => string | void;
+ export type GetTokenFn = (req: FastifyRequest) => string | void
interface FastifyCsrfProtectionOptionsBase {
cookieKey?: string;
@@ -38,15 +38,15 @@ declare namespace fastifyCsrfProtection {
interface FastifyCsrfProtectionOptionsFastifyCookie {
sessionPlugin?: '@fastify/cookie';
csrfOpts?: | ({
- [k in keyof CSRFOptions]: k extends "userInfo"
+ [k in keyof CSRFOptions]: k extends 'userInfo'
? true
: CSRFOptions[k];
- } & Required>)
+ } & Required>)
| ({
- [k in keyof CSRFOptions]: k extends "userInfo"
- ? false
- : CSRFOptions[k];
- });
+ [k in keyof CSRFOptions]: k extends 'userInfo'
+ ? false
+ : CSRFOptions[k];
+ });
}
interface FastifyCsrfProtectionOptionsFastifySession {
@@ -68,12 +68,11 @@ declare namespace fastifyCsrfProtection {
/**
* @deprecated Use FastifyCsrfProtectionOptions instead
*/
- export type FastifyCsrfOptions = FastifyCsrfProtectionOptions;
+ export type FastifyCsrfOptions = FastifyCsrfProtectionOptions
export const fastifyCsrfProtection: FastifyCsrfProtection
export { fastifyCsrfProtection as default }
}
-
-declare function fastifyCsrfProtection(...params: Parameters): ReturnType
+declare function fastifyCsrfProtection (...params: Parameters): ReturnType
export = fastifyCsrfProtection
diff --git a/types/index.test-d.ts b/types/index.test-d.ts
index 30e19ff..d89d63f 100644
--- a/types/index.test-d.ts
+++ b/types/index.test-d.ts
@@ -12,7 +12,7 @@ declare module 'fastify' {
}
}
-async function run() {
+async function run () {
await fastify.register(FastifyCookie)
await fastify.register(FastifyCsrfProtection)
@@ -37,17 +37,17 @@ async function run() {
fastify.addHook('onRequest', fastify.csrfProtection)
}
-
+run()
fastify.register(FastifyCsrfProtection, { csrfOpts: { algorithm: 'sha1', hmacKey: 'hmac' } })
expectError(fastify.register(FastifyCsrfProtection, { csrfOpts: { algorithm: 1 } }))
-fastify.register(FastifySession)
+fastify.register(FastifySession, { secret: 'a secret with minimum length of 32 characters' })
fastify.register(FastifyCsrfProtection, {
csrfOpts: {
hmacKey: '123'
},
- getUserInfo(req) {
+ getUserInfo (req) {
const info = req.session.get('username')
if (info) {
return info
@@ -61,10 +61,10 @@ expectError(fastify.register(FastifyCsrfProtection, { getUserInfo: 'invalid' }))
fastify.register(FastifyCsrfProtection, { csrfOpts: { hmacKey: 'hmac' }, sessionPlugin: '@fastify/cookie' })
fastify.register(FastifyCsrfProtection, { csrfOpts: { hmacKey: 'hmac' } })
fastify.register(FastifyCsrfProtection, { })
-fastify.register(FastifyCsrfProtection, { csrfOpts: { }})
-expectError(fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie', csrfOpts: { userInfo: true}}))
-fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie', csrfOpts: { userInfo: true, hmacKey: 'key'}})
-fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie'})
+fastify.register(FastifyCsrfProtection, { csrfOpts: { } })
+expectError(fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie', csrfOpts: { userInfo: true } }))
+fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie', csrfOpts: { userInfo: true, hmacKey: 'key' } })
+fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/cookie' })
fastify.register(FastifyCsrfProtection, { csrfOpts: { }, sessionPlugin: '@fastify/session' })
fastify.register(FastifyCsrfProtection, { csrfOpts: { }, sessionPlugin: '@fastify/secure-session' })
fastify.register(FastifyCsrfProtection, { sessionPlugin: '@fastify/session' })